The Mutual Evaluation of the Kingdom of Saudi Arabia was conducted as a joint exercise between the MENAFATF and the FATF. The Mutual Evaluation Report was considered and adopted by the MENAFATF at its plenary meeting in Yasmine Hammamet, Tunisia on 4 May 2010, and then by the FATF at its plenary in Amsterdam on 25 June 2010, which introduced limited changes to it.
The Kingdom of Saudi Arabia (KSA) established its Anti Money Laundering (AML) / Combating the Financing of Terrorism (CFT) regime officially with the issuance of the Anti-Money Laundering Statute in 2003 and its Implementing Regulations in 2005. The legal AML framework is quite robust; however, the CFT legal framework is not as developed. In addition, the effectiveness of the AML and CFT systems needs improvement.
The legal AML framework in KSA is composed of Shari’ah law and the Anti Money Laundering Statute (AMLS). This framework effectively criminalizes money laundering as required by the FATF Recommendations and international conventions, although criminal liability of legal persons is missing. A confiscation and freezing framework was set up, but its effectiveness needs to be much improved. KSA should also protect the rights of bona fide third parties. Regarding terrorist financing (TF), it is clear that KSA is committed to prosecute terrorist financiers as terrorists. However, KSA was already encouraged in 2004, after it was assessed by the FATF to enact a freestanding terrorist financing offence in line with the United Nations (UN) Terrorist Financing Convention. This has still not been done. In addition, despite the fact that the Kingdom has established a mechanism to implement United Nations Security Council Resolution (UNSCR) 1267(1999); UNSCR 1373(2001) has yet to be implemented. On international cooperation, KSA has signed, ratified and implemented the UN Vienna Convention. However, the UN Palermo Convention has not fully been implemented, while the UN Terrorist Financing Convention has not been implemented. The general framework for mutual legal assistance is sound on paper, but is relatively untested and, therefore, lacks experience, which does not enhance effectiveness.
The KSA Financial Intelligence Unit (SAFIU) is a well equipped and well resourced organisation that receives and disseminates relatively few Suspicious Transaction Reports (STRs). Nevertheless, at the time of the on-site visit, SAFIU faced a backlog of about 30% of STRs over the last two years that were waiting to be analysed and made available to law enforcement entities. This backlog accumulation requires constant management attention and monitoring so that STRs are processed in a timely manner.
The non-profit sector is a well organised sector. Non-profit organisations (NPOs) are licensed, registered, supervised and sanctioned, and can only have one supervised bank account. By law, NPOs are not allowed to donate or collect funds for distribution outside the Kingdom, nor are they allowed to operate abroad or accept funds from abroad (these are Royal privileges). Nevertheless, KSA has not undertaken a review or periodic reassessments of its NPO sector to identify TF risk as required by the FATF.
Financial Institutions and Designated Non-Financial Businesses and Professions
The assessment team noted the existence of a comprehensive framework for preventive measures for Financial Institutions, even though the rules for the insurance and securities sectors were only issued shortly before the onsite visit. Some of the preventive obligations for Financial Institutions are based on enforceable means rather than primary or secondary legislation. Some other obligations are not clear or consistent. For all sectors and for all measures, there is a problem with the lack of effective implementation. Promising features are the availability of sufficient resources and advanced software solutions to process and monitor banking and other financial transactions. This could be an effective foundation for improved and effective implementation, provided that these solutions are properly customized to business needs, and that better training is offered.
The assessment team noted the commitment expressed by the government to implement an effective STR reporting mechanism for AML/CFT for FIs. While the upward trend in STR filings over recent years is a positive sign, reporting levels are generally low. The low number of TF-related STR filings by Financial Institutions, and some institutions’ perception that their exposure to the risk of TF abuse is low, point at deficiencies in the TF reporting system that go beyond those for the ML reporting system. Furthermore, the lack of clear understanding among financial institutions regarding the distinction between requirements to monitor transactions and to report transactions that are identified as suspicious; raises concerns about the effectiveness of the monitoring and reporting system. For Designated Non-Financial Businesses and Professions, reporting levels are not as should be expected for these sectors.
There are two supervisory agencies that supervise and regulate financial entities in KSA. Both agencies have adequate powers and financial resources to conduct their activities. While the assessment team welcomes the authorities’ efforts in enhancing the current supervisory regime, it also noticed low levels of corrective measures applied by both supervisory agencies. The assessment team also noted the need for supervisors to effectively cover all types of Financial Institutions that are subject to their supervision, and the need to enhance the number of human resources available to supervise the insurance and securities sectors. Also, authorities should work closely and collectively to enhance the guidance issued by supervisory authorities to be comprehensive and industry specific.
For Designated Non-Financial Business and Profession in KSA in general, while there are basic obligations in relation to AML/CFT, the sectors lack the experience and the awareness of AML/CFT risks and obligations.